Thread: Fedora 11 (Leonidas) Discussion Thread
View Single Post
  #20 (permalink)  
Old 31 Mar 09, 08:28 AM
vishalrao's Avatar
vishalrao vishalrao is offline
Global Village Idiot
  
Join Date: Nov 2007
Location: Pune
Age: 33
Posts: 2,876
vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed vishalrao is highly Famed
Default Re: Fedora 11 (Leonidas) Discussion Thread
Too lazy to go searching whether a thread for this already exists, so posting here:

Quote:
=== What Happened Last Summer? ===

Paul W. Frields broke radio silence to provide[1] a detailed explanation of last August's (2008-08-12) security problem. Briefly, a Fedora Project systems administrator used a pass-phraseless SSH key. This was copied from the administrator's machine and used to gain access to Fedora infrastructure. Subsequently trojaned versions of OpenSSH and rpm were built and deployed on Fedora infrastructure. The investigation concludes that these packages were detected and removed before any rpms were built with them or distributed to Fedora users. The full, detailed communication includes a time-line.
1.
Update and Report on Fedora August 2008 Intrusion
Reply With Quote